Wednesday, March 21, 2018

Encryption is a Human Right

A while back I registered an encrypted email account from ProtonMail. Operating from Switzerland, ProtonMail employs multiple methods to secure your email. Free.

Consider it like Gmail, but encrypted and free, and not in cahoots with the US government or with FVEY.

Proton also offers a free VPN; you can sign up for it when you make a free email account, but due to overwhelming demand there may be a waiting list. You can also purchase a paid VPN plan, however, and tunnel your encrypted communications immediately.

Proton appears to generate a fresh set of PGP keys, which you can find by clicking on Settings and then looking in the leftmost menu. There is probably a way to set up ProtonMail to use your preexisting PGP keys, but it really does not matter. You can own multiple key sets. 

Think about it like this. In the same way that you can generate a fresh Bitcoin address and use it when you like, you can also generate a fresh PGP key pair. You can use a unique Bitcoin address just for one transaction. Or you can use it many times, for a specific class of transactions. Or you can use it all the time. It is the same with PGP key pairs. 

Think about how complex this makes surveillance. NSA can throw clock cycles at a key pair to decrypt it, but then you use multiple key pairs, or worse, you only use key sets once, and then you create and use another pair. 

Obviously the solution for NSA is to stop chasing the target, decrypting keys when they are encountered, and to gain root access to the host machine, where keyboard input can be sniffed before it is encrypted. 

Not much that any of us can do about that. 

Hackers and spies have workarounds, but they are complicated, and they require booting from a USB stick into an OS which is used for just that lone communications session. That OS is called Tails. If your security really matters, you will use a Tails USB stick once, then destroy it. 

The rest of us just do the best that we can. We use a VPN, and we switch them up, to enhance our chances of using one that is not penetrated by NSA. We encrypt our text, doing it automatically in encrypted email like ProtonMail, or we do it separately, in a service like KeyBase.

There is no reason not to separately encrypt a message in KeyBase, and then send it encrypted a second time using a separate key pair in ProtonMail. Your computer does not care. It is just encrypting text. It can encrypt text that is already encrypted. 
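The layering described above, sketched with GnuPG as an added example (it is not from the original post and does not use Keybase or ProtonMail themselves). It assumes GnuPG 2.1 or later is installed; the two `example.invalid` identities and the sample message are constructed stand-ins for the two services' key pairs.

```shell
#!/usr/bin/env bash
# Added example: two throwaway OpenPGP key pairs, one per encryption layer.
set -eu

GNUPGHOME="$(mktemp -d)"; export GNUPGHOME   # isolated keyring, ~/.gnupg untouched
trap 'gpgconf --kill gpg-agent >/dev/null 2>&1 || true; rm -rf "$GNUPGHOME"' EXIT

# Constructed identities standing in for the two services' keys (assumptions).
INNER="inner-layer@example.invalid"
OUTER="outer-layer@example.invalid"

g() {  # gpg with no prompts and an empty passphrase: acceptable for demo keys only
  gpg --batch --quiet --yes --pinentry-mode loopback --passphrase '' \
      --trust-model always "$@"
}

# One independent key pair per layer.
for uid in "$INNER" "$OUTER"; do
  g --quick-generate-key "$uid" default default never 2>/dev/null
done

# stdin: plaintext -> stdout: ciphertext encrypted to INNER, then again to OUTER.
layered_encrypt() {
  g --armor --encrypt --recipient "$INNER" |
    g --armor --encrypt --recipient "$OUTER"
}

# Removing only the outer layer yields another armored PGP message, not plaintext.
peel_outer() { g --decrypt 2>/dev/null; }

# Both private keys are needed, applied in reverse order of encryption.
layered_decrypt() { peel_outer | g --decrypt 2>/dev/null; }

msg="meet at noon"   # constructed sample plaintext
wrapped="$(printf '%s' "$msg" | layered_encrypt)"
echo "outer layer removed: $(printf '%s\n' "$wrapped" | peel_outer | sed -n 1p)"
echo "both layers removed: $(printf '%s\n' "$wrapped" | layered_decrypt)"
```

By default each OpenPGP layer records the recipient's key ID in its header, so the outer message names the outer key unless it is encrypted with `--hidden-recipient` or `--throw-keyids`.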

For NSA, if they do not enjoy root access to your device, and they are not already sniffing your content as you create it, before it is encrypted, they now have to figure out which of multiple PGP key pairs you used. Extrapolating this out across millions, even mere thousands of users, you see the complexity of their challenge.

I am a patriotic American. I support NSA when it is engaged in its statutory purpose of SIGINT against foreign targets, or when it is focusing on legitimate domestic targets during a counterintelligence case in compliance with warrants issued by a real judge in a real court. 

I reject the habit, now systematized, of NSA automatically siphoning all our content and metadata and warehousing it to be decrypted and processed at its leisure. If my government wants to know what I am saying and who I am talking to, it needs to get a warrant from a real court and a real judge. We are Americans. 

You can download the public key that ProtonMail generates for you and save it with your other keysets. I have not yet tried to register this new keyset, but I imagine that ProtonMail does this for you automatically. It really does not matter. ProtonMail uses the key to encrypt your email in the background. You are not aware of it. It just works.

ProtonMail operates from servers in Switzerland and Iceland, and you can access it from the Tor network to obscure your metadata.

I plan to use ProtonMail for a bit, and then if I still like it, I will upgrade to a paid package that includes ProtonVPN. I already use Opera VPN, another free VPN service, and it appears to work flawlessly. But it only works on my mobile devices, not on my desktop, as that functionality is reserved for its desktop Opera browser, which I do not use. 

This link will take you to the ProtonVPN page, where you can sign up for a free VPN. You can also leap from there to sign up for a free encrypted ProtonMail account. 

It is nobody's business what you are saying or doing. If the government, or worse, a company like Google, wants to sniff your communications and track your activities, they should only do so through sworn government agents pursuant to a warrant issued by a real judge in a real court. 

Remember: if something is free, then generally you are the product. Google just recently stopped passing our Gmails through algorithms (so they say) in order to offer us intelligent advertising. Everybody has a Gmail account. Some of us have many of them. If you have a fetish for security but prefer to use Gmail, you can create a Gmail account, encrypt your data using KeyBase, and use that Gmail account once in concert with a burner phone. 

ProtonMail is also free. But the company offers end-to-end encryption; it never sniffs our content, and indeed it cannot sniff our content, as encryption takes place on your host machine, not on their server. If you access ProtonMail using Tor, your metadata is washed through Tor.

Why can ProtonMail offer a free encrypted email account? Because it is a teaser to illustrate for you the virtues of their operation, to lure you into purchasing a paid account. Makes sense to me. 

It is difficult to remain a hard surveillance target these days. We all do what we can. Few of us are involved in criminality. Yet we should feel no guilt when we encrypt our communications and our interactions. Our business is our own. We no longer have to live our lives like open books, with our data and our metadata available to anyone to examine. 

Think on this. Google became one of the wealthiest, most powerful companies on the planet, simply because we permitted it to hash our content at their whim. We were the product. What did Google do with all that data? We can assume that they sold some of it to our own government. 

Yes, we got free email. For that to be profitable for Google, and it obviously was very profitable, they had to sell something to a customer. What did they sell? They sold us. 

So encrypt everything. Go dark. Privacy is a human right. 

So is encryption. Encryption is a human right. 

